Prepared for: Acme Corporation
December 1st, 2018
SAMPLE REPORT
SAMPLE HEALTH CHECK REVIEW
absolute.com
SAMPLE HEALTH CHECK REVIEW: PREPARED FOR ACME CORPORATION – DECEMBER 1 ST, 2018
COPYRIGHT
© Copyright 2018 Absolute. All Rights Reserved. This is unpublished material and contains confidential information and is subject to a confidentiality agreement. The unauthorized possession, use, reproduction, distribution, display, or disclosure of this material or the information contained herein is prohibited.
The methodologies and processes used in the conduct of this engagement are considered proprietary intellectual property of Absolute, and may not be disclosed without written permission from Absolute. Absolute authorizes you to copy this report for the purposes of disseminating information within your organization or any regulatory agency.
CONFIDENTIALITY
This document contains confidential information of a proprietary and sensitive nature. As such this document should be afforded the security and handling precautions that a confidential document warrants. This document should have a controlled distribution to relevant parties only, and should not be copied without written permission.
Absolute treats the contents of any deliverable as confidential material, and will not disclose the contents of this document to anyone without written permission.
TABLE OF CONTENTS
EXECUTIVE SUMMARY
BACKGROUND
SUMMARY
DASHBOARD
RECOMMENDATIONS FROM ANALYSIS
ACCOUNT USERS
ACCOUNT USERS – AUTO-SUSPEND
REGULATORY REQUIREMENTS
NETWORK
PHYSICAL LOCATION
OPERATING SYSTEMS
DEVICE DETAILS
END OF LIFE PROCESS
DEVICE NAMING CONVENTION
SYSTEM PROTECTION – ENCRYPTION
SYSTEM PROTECTION – ANTI-VIRUS/ANTI-MALWARE
SYSTEM PROTECTION – SCCM – SYSTEM MANAGEMENT
SYSTEM PROTECTION – OTHER APPLICATIONS
REPORTING/ALERTS
SECURITY ACTIONS – DATA DELETE
SECURITY ACTIONS – DEVICE FREEZE
SIEM INTEGRATION – SPLUNK
ENDPOINT DATA DISCOVERY
HARDWARE & SOFTWARE REPORTING
GOVERNANCE, RISK & COMPLIANCE (GRC) REPORTING
OPERATING SYSTEMS
ENCRYPTED DEVICES
NON-ENCRYPTED DEVICES
ENDPOINT ANTI-MALWARE STATUS
SCCM HEALTH
REMOTE ACCESS APPLICATIONS
CLOUD SHARING APPLICATIONS
PEER-TO-PEER APPLICATIONS
CONCLUSIONS ABOUT ACCOUNT HEALTH
EXECUTIVE SUMMARY
BACKGROUND
ACME Corporation contracted Absolute Professional Services (Absolute) for Health Check services for the Absolute clients at ACME. ACME requested these Health Check services in order to get an independent report into the health of their Absolute implementation.
Absolute recommended the following goals:
• Address open issues
• Schedule report status call
• Demonstrate new features
• Identify issues or configuration improvements
SUMMARY
The following activities have been completed so far:
• Introductory kick-off meeting on August 1, 2018
• Phase 1 Investigation webex/call on August 8, 2018 to gather data and review Absolute console current setup / configuration.
• Target completion date set for September 15, 2018
DASHBOARD
ASSESSMENT CATEGORY COUNT
# of Absolute Licenses 4,051
# of installed Absolute Agents 3,679
% active in past 90 days 64%
# of open support issues 5
# of resolved support issues 160
# of Data Deletes 9
# of Device Freezes 2
RECOMMENDATIONS FROM ANALYSIS
The following sections contain a summary of the recommendations.
ACCOUNT USERS
Urgency: High
The Absolute console review showed that ACME has a very high number of users (50) with access to the Absolute console. Access should be restricted to the core team who manage and monitor your assets.
ACCOUNT USERS – AUTO-SUSPEND
Urgency: High
Auto-suspend should be enabled for any inactive users that have not accessed the Absolute console in 30 days. This will help protect the system.
REGULATORY REQUIREMENTS
Urgency: Med
During the phase 1 Absolute console review, the ACME team was not sure which regulatory requirements apply to the business.
Possible compliance issues: if ACME has a medical bay and patient records are stored, HIPAA will apply; if ACME collects customer billing and credit card records, then PCI SSC may apply. These are just 2 possible scenarios where the use of Absolute Data Awareness would provide protection and assist in compliance for ACME.
NETWORK
Urgency: Best Practice
Use a segmented LAN so that the physical location of devices can be detected down to building level.
Devices are expected to contact the monitoring center daily; set an alert for any device that has not called in within a given number of days.
PHYSICAL LOCATION
Urgency: Med
Since ACME devices can communicate from so many locations, alerts for changes in external IP will only be useful for static devices that should not leave a given location. Alerts for a change in internal and external IP can be used to monitor these static devices.
ACME should consider enabling Geolocation and Geo-fences so they can be used to monitor such static devices.
OPERATING SYSTEMS
Urgency: Med
As ACME Windows devices should all be using volume license keys (KMS or MAK), an alert for key change should be set up to detect users violating this policy. Review GRC to see which keys are detected on ACME devices.
DEVICE DETAILS
Urgency: Med
ACME does not lease devices. The device lease fields in Absolute console can be used to track purchase date or deployment date so older devices can be tracked for return before EOL.
END OF LIFE PROCESS
Urgency: High
A review of the asset report shows a lot of old redundant data for devices that have not called in for a number of years. ACME should modify their EOL process to ensure that all retiring devices have the Absolute agent removed. This will free up the licenses for use on new devices.
Absolute console provides for the bulk removal of the Absolute agent from multiple computers at once. This should be used to remove the redundant devices from the system.
DEVICE NAMING CONVENTION
Urgency: Med
ACME has a standard naming convention. Alerts should be set up to detect devices that do not match the correct convention.
Device name can be used to group devices so that the correct department field can be set.
SYSTEM PROTECTION – ENCRYPTION
Urgency: High
ACME has mandated that Windows laptops be encrypted with ‘BitLocker’ and Mac computers with ‘FileVault’; older devices may also use PGP. The encryption report should be used to discover devices that are not encrypted and where data is at risk.
2453 Non-Encrypted devices.
By leveraging Application Persistence, you can ensure each device has the proper applications installed regardless of network status or device location.
www.absolute.com/en/resources/datasheets/application-persistence
SYSTEM PROTECTION – ANTI-VIRUS/ANTI-MALWARE
Urgency: High
ACME has mandated that McAfee should be used. An alert for missing AV should be enabled.
834 devices missing AV.
By leveraging Application Persistence, you can ensure each device has the proper applications installed regardless of network status or device location.
www.absolute.com/en/resources/datasheets/application-persistence
SYSTEM PROTECTION – SCCM – SYSTEM MANAGEMENT
Urgency: Med
ACME uses SCCM. Absolute console SCCM health reporting is enabled. The SCCM Repair feature should also be enabled.
SCCM Status:
• OK: 925
• Needs attention: 404
• Absent: 592
• No Indication: 1761
By leveraging Application Persistence, you can ensure each device has the proper applications installed regardless of network status or device location.
www.absolute.com/en/resources/datasheets/application-persistence
SYSTEM PROTECTION – OTHER APPLICATIONS
Urgency: Med
We recommend the creation of a default software policy for mandated and banned software. This will allow alerts and reporting for breaches to ACME’s software policy.
REPORTING/ALERTS
Urgency: Med
The following alerts may be beneficial to improve the quality of the reporting and detection of at-risk devices:
| ID | ALERT NAME | COMMENT | SUSPICION LEVEL |
| 106862 | Device Rebuild | Absolute agent persistence has been triggered, could indicate device no longer under your control | 3 |
| | Encryption Status Changed | User tampering with encryption, possible policy violation | 3 |
| 106851 | Last call > XX days ago | Device has not called in given number of days, could indicate a lost device not under your control | 1 |
| 106863 | Local IP Address Changed | For static device group - User could be using device in wrong location | 1 |
| 106864 | Major Change | Absolute Persistence self-healing has been triggered, could indicate device no longer under your control | 5 |
| 106857 | Missing Software on Required List | User tampering with device against corporate policy | 1 |
| 106865 | Network Change | For static device group - Both Internal and External IP Changed, device is no longer in the correct location, user could have a device at home | 2 |
| 106854 | New Program File Detected | User is installing software – against company policy | 1 |
| 106866 | Operating System Changed | User is rebuilding device or it is out of your control | 2 |
| 106867 | Operating System Product Key Changed | User is rebuilding device or it is out of your control | 3 |
| 106868 | Public IP Address Changed | For static device group - Device is outside the organization, User is connecting from non-authorized location against company policy | 1 |
| 106869 | Self-Healing Call | Absolute agent persistence has been triggered, could indicate device no longer under your control | 3 |
| | SCCM needs attention | SCCM agent status changed, device needs investigation | 2 |
| 106856 | Software on Banned List | User installing banned software, corporate policy violation | 3 |
| 106870 | Username Changed | Possible device drift inside the company, also check IPs to see if device is still in the organization | 3 |
| 106853 | Warranty Ending | Used to renew, extend warranty or EOL retire device | |
| 106861 | Device Name Changed | Could indicate a user is misusing the device or it is no longer under your control | 3 |
SECURITY ACTIONS – DATA DELETE
Status: Best Practice
We recommend creating pre-configured Data Delete Policies so the user can save time and simply choose the most relevant policy depending upon the scenario.
“Last Accessed Time Stamp” should be enabled. This will assist in proving compliance with any applicable regulatory requirements: the uploaded log from a successful Data Delete action can prove that sensitive data was never accessed prior to being remotely deleted from the at-risk device.
Status: Low
Custom Action Fields: these can be created to allow the recording of additional data for Data Delete and Device Freeze actions.
SECURITY ACTIONS – DEVICE FREEZE
Status: High
This feature has not been used since 2017.
We recommend creating pre-configured Device Freeze Messages so the user can save time and simply choose the most relevant message depending upon the scenario.
We also recommend the use of “Offline Device Freeze Policy” for devices that stop calling for a prolonged period of 14 days or longer. This will assist in protecting data on possibly compromised devices.
SIEM INTEGRATION – SPLUNK
Status: Not Implemented
We recommend downloading and setting up the SIEM connector to facilitate the export of Absolute console alerts to Splunk. The alerts, when fed into Splunk, can be used to compare against other data sources. We also have direct integration with RSA Security Analytics, HP ArcSight and other leading SIEM solutions.
ENDPOINT DATA DISCOVERY
Status: Not Enabled
If Data Discovery is part of the feature set for purchased Absolute products, we recommend configuring and activating Data Discovery on a test policy to evaluate its effectiveness. To enable the feature, you must add devices to the applicable Device Policy, and then configure that Policy to enable Data Discovery with the options that you would like to use.
HARDWARE & SOFTWARE REPORTING
Status: Enabled
Test policy has hardware and software detection enabled. We recommend continued evaluation of these beta features.
GOVERNANCE, RISK & COMPLIANCE (GRC) REPORTING
Status: Enabled
This is a monthly automated report already enabled for your account that is sent out by email.
OPERATING SYSTEMS
Of the endpoints in the account, the following breakdown represents the various operating systems found:
(Chart: OS platforms in use)
Four hundred and thirty-four (434) endpoints were identified as running Windows XP or older, which is no longer supported by Microsoft and does not receive security updates. This may present a security risk to your environment if no compensating controls are in place.
ENCRYPTED DEVICES
Absolute validated the encryption status of each endpoint and found 1,226 devices have fully enabled encryption products, as follows:
854 endpoints determined to have ‘Microsoft BitLocker’ full volume/disk encryption enabled.
340 endpoints determined to have ‘FileVault2’ full volume/disk encryption enabled.
22 endpoints determined to have ‘TrueCrypt’ full volume/disk encryption enabled.
10 endpoints determined to have ‘PGP Desktop’ full volume/disk encryption enabled.
(Chart: Encryption by product)
NON-ENCRYPTED DEVICES
Absolute also found that the following devices either have no encryption product detected or have a detected product that is not enabled, and as such are not encrypted.
1197 endpoints determined to have ‘Microsoft BitLocker’ but NOT Encrypted.
650 have ‘no encryption product detected’.
380 endpoints determined to have ‘FileVault2’ but NOT Encrypted.
106 endpoints determined to have ‘FileVault’ but NOT Encrypted.
101 endpoints determined to have ‘Trusted Drive Manager’ but NOT Encrypted.
10 endpoints determined to have ‘TrueCrypt’ but NOT Encrypted.
3 endpoints determined to have ‘PGP Desktop’ but NOT Encrypted.
1 endpoint determined to have ‘SecureDoc Disk Encryption’ but NOT Encrypted.
For the purpose of helping determine if sensitive material is stored on the endpoints missing encryption, the following is a selection of the 10 newest calling non-encrypted devices:
IDENTIFIER HOSTNAME USERNAME
87UD6H8FG8AA1XQO0063 CICUKN-JNJUY1 DuffH
87UD6H8FG8AA1XQO0127 STRI-L8DFRN1 striadmin
87UD6H8FG8AA1XQO0269 OMAIL-BURESS Omailstaff
87UD6H8FG8AA1XQO0296 NMNHL-RUSSELL123 Russell
87UD6H8FG8AA1XQO0307 TEST-PC test
87UD6H8FG8AA1XQO1893 SMITHROB-PC Smithrob
87UD6H8FG8AA1XQO2370 LOCKNESS Locknessj
87UD6H8FNJDAA10TI0115 ICLLKPBLEJULAPTOP Jane
87UD6H8FNJDAA10TI0167 NZP—LK80345 Manzelj
87UD6H8FBHAA1H3D0320 USER-PC User
(Chart: Not encrypted)
ENDPOINT ANTI-MALWARE STATUS
Absolute validated the presence of an anti-malware product on each endpoint.
Of the 3,679 Absolute-enabled devices assessed, 834 devices (23%) have no Anti-Virus or Anti-Malware product detected. Below is the breakdown of Anti-Virus/Anti-Malware software installed.
For the purpose of helping determine if sensitive material is stored on the endpoints missing AV, the following is a selection of 10 newest calling devices missing AV:
IDENTIFIER HOSTNAME USERNAME
87UD6H8FG8AA1XQO0942 Charles’ MacBook Air Charles Erwin
87UD6H8FG8AA1XQO1276 Jason’s MacBook Air Jason Braid
87UD6H8FG8AA1XQO1403 Freda Matt
87UD6H8FG8AA1XQO2036 Robert’s MacBook Pro Robert Francis
87UD6H8FG8AA1XQO2143 Peter’s MacBook Pro (3) Peter Budar
87UD6H8FG8AA1XQO2310 xps13 skdpls
87UD6H8FG8AA1XQO2398 Debbie’s MacBook Pro Debbie
87UD6H8FG8AA1XQO2599 NMNH-L31859 Lana Condrite
87UD6H8FG1JDAA10TI0438 Kendallr Randy Kendall
87UD6H8FG1LAA3G0C0143 dadaf Ed Moss
(Chart: Detected AV by product)
SCCM HEALTH
Absolute validated the presence of the SCCM Agent on each Windows endpoint.
Of the 2,735 Absolute-enabled Windows devices assessed, only 925 were in good SCCM health. 66% have no SCCM agent or are in need of repair.
REMOTE ACCESS APPLICATIONS
The following is a list of common remote access applications we identified on the assessed endpoints. Other, less common applications may also be present but are not shown here.
This indicates a possible vulnerability to your network if these types of applications are not permitted on your endpoints.
NAME NUMBER OF ENDPOINTS
TeamViewer 83
VNC Viewer 23
Start Listening VNC Viewer 12
Uninstall VNC Viewer 12
VNC Server 7
VNC Server (User Mode) 7
VNC Viewer Enterprise 6
Enter VNC Server License Key 5
Uninstall VNC Server 5
LogMeInIgnition 4
LogMeIn Client 4
Ammyy Admin 2
LogMeIn Hamachi Menubar 2
LogMeIn Hamachi 2
TigerVNC Viewer 1.3.0 2
TurboVNC Viewer 1
TeamViewerQS 1
TeamViewer 11 1
Support-LogMeInRescue-1 1
Support-LogMeInRescue 1
(Chart: SCCM status)
CLOUD SHARING APPLICATIONS
The following popular cloud sharing applications were identified on the assessed endpoints. Other, less common applications may also be present but are not shown here.
This indicates a possible data vulnerability to your organization.
NAME NUMBER OF ENDPOINTS
Dropbox 643
iCloud 82
iCloudWeb 82
SUGARSYNCMANAGER 17
ZipCloud 13
OneDrive 9
SldToolboxConfigure 8
Scan to Dropbox 7
Scan to SugarSync 7
ICLOUDSERVICES 6
iCloud Drive 4
Microsoft OneDrive 4
BoxSync 4
Smilebox 4
SugarSync Manager 4
PEER-TO-PEER APPLICATIONS
The following peer-to-peer applications were identified on the assessed endpoints. Other, less common applications may also be present but are not shown here.
This represents a possible data vulnerability to your organization.
NAME NUMBER OF ENDPOINTS
Vuze 8
uTorrent 8
Pandora 6
Pandora Recovery 4
BitTorrent 4
LimeWire 3
µTorrent 2
LimeWire At Login 2
xfp2p 1
torrent 1
pandoc-data 1
pandoc 1
emule 1
CONCLUSIONS ABOUT ACCOUNT HEALTH
Based on the analysis conducted by Absolute, the following findings were made:
• Several endpoints were identified as running an unsupported version of Windows Operating Systems.
• Encryption is being disabled on your endpoints.
• Anti-Virus/Anti-Malware is missing on a large percentage of your endpoints.
• Several instances of remote control software were found and are being used by your end-users.
• Two instances of peer-to-peer applications were found and are being used by end-users.
• To remotely install and persist your critical applications (SCCM, BitLocker, McAfee, etc.) please see our Application Persistence solution.
ABOUT ABSOLUTE
Absolute set the new standard for endpoint visibility and control with self-healing
endpoint security and always-connected IT asset management to protect devices,
data, applications and users — on and off the network. Bridging the gap between
security and IT operations, only Absolute gives enterprises visibility they can act
on to protect every endpoint, remediate vulnerabilities, and ensure compliance
in the face of insider and external threats. Absolute’s patented Persistence
technology is already embedded in the firmware of more than one billion PC and
mobile devices and trusted by over 12,000 customers worldwide.
Health-Check-Sample-Report-101518
EMAIL: [email protected]
PHONE: North America: 1-877-660-2289 EMEA: +44-118-902-2000
SALES: absolute.com/request-info
WEBSITE: absolute.com